Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-09-17 | * use get_random_bytes() for CSRF token | Andrew Dolgov | |
* get_random_bytes: use PHP7 random_bytes() if it is available * validate CSRF token using hash_equals | |||
2020-09-17 | auth_internal: use type-strict comparison when checking OTP code | Andrew Dolgov | |
2020-09-15 | af_proxy_http: require separate token to access imgproxy | Andrew Dolgov | |
2020-09-15 | af_proxy_http: never print received data directly, always redirect to cached_url | Andrew Dolgov | |
cache/getUrl: basename() passed filename just in case | |||
2020-09-15 | af_redditimgur: don't add embedded blank gif image for rewritten videos | Andrew Dolgov | |
2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov | |
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | |||
2020-06-24 | core: pass found enclosures to HOOK_ARTICLE_FILTER | Andrew Dolgov | |
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail | |||
2020-05-30 | Created hotkeys_force_top plugin | Nathan Warner | |
Renamed swap_jk to match new naming scheme. | |||
2020-05-17 | implement keyboard-related changes discussed in ↵ | Andrew Dolgov | |
https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7 | |||
2020-05-13 | use intersection observer to unpack visible articles, remove ↵ | Andrew Dolgov | |
Headlines.unpackVisible() | |||
2020-05-09 | rename cdmScrollToId to cdmMoveToId | Andrew Dolgov | |
prevent smooth scrolling when going directly to an article | |||
2020-03-13 | allow overriding built-in templates via templates.local | Andrew Dolgov | |
2020-02-28 | af_readability: allow get full text button to work as a toggle; in cdm, ↵ | Andrew Dolgov | |
scroll to article after embedding | |||
2020-02-27 | af_comics: split contents of subscribe/basic_info/fetch hooks into ↵ | Andrew Dolgov | |
appropriate per-comic filters | |||
2020-02-27 | af_comics: mention that Far Side needs cached media | Andrew Dolgov | |
2020-02-27 | af_comics: escape all template urls | Andrew Dolgov | |
2020-02-27 | use canonical fetch url for Far Side | Andrew Dolgov | |
2020-02-27 | remove unnecessary debugging from previous | Andrew Dolgov | |
2020-02-27 | af_comics: add experimental support for The Far Side | Andrew Dolgov | |
2020-02-27 | af_readability: sanitize content requested for embedding | Andrew Dolgov | |
2020-02-27 | fix plugins/note javascript part broken by previous changeset | Andrew Dolgov | |
2020-02-27 | af_readability: add article button to embed content of a specific article | Andrew Dolgov | |
2020-02-22 | don't generate default.css, replace with themes/light.css as a default root ↵ | Andrew Dolgov | |
CSS file | |||
2020-01-04 | Also match images with query string (size, tokens, etc). | koffieanon | |
2020-01-04 | Spaces to tabs for consistency. | koffieanon | |
2020-01-04 | Fix bug processing found due to operator precedence. | koffieanon | |
2019-12-18 | remove version.php and VERSION global constant, do version-related things in ↵ | Andrew Dolgov | |
a slightly less ridiculous way | |||
2019-11-27 | Af_Youtube_Embed: whitelist youtube iframes if enabled | Andrew Dolgov | |
2019-11-18 | af_comics: support buni webtoon episodes | Andrew Dolgov | |
2019-11-03 | 2fa: check TOTP based on previous secret values (oops of the year, 2019) | Andrew Dolgov | |
2019-11-01 | auth_internal: fix indents | Andrew Dolgov | |
2019-11-01 | implement app password checking / management UI | Andrew Dolgov | |
2019-11-01 | add placeholder authentication via app passwords if service is passed | Andrew Dolgov | |
forbid logins via regular passwords for services remove AUTH_DISABLE_OTP | |||
2019-11-01 | auth_internal: fix OTP seed checking | Andrew Dolgov | |
2019-10-09 | add notifications for mail and password changes | Andrew Dolgov | |
update and shorten some other message templates | |||
2019-10-06 | af_comics: Use a fixed time of day when generating fake feed for GoComics. ↵ | JustAMacUser | |
Without this the timestamp is always updated to be the time the feed is fetched, which causes the comics to keep moving to the top/bottom of the article list depending on the sort order. (Using 11:00 a.m. UTC as that should keep the date the same across the majority of time zones.) Try to get the actual title for GoComics comics. Also a little code clean up. | |||
2019-09-13 | Fix error "mb_convert_encoding(): Illegal character encoding specified" | Aleksandr Beliaev | |
modified: plugins/af_readability/init.php | |||
2019-08-21 | af_readability: require php 7.0 | Andrew Dolgov | |
2019-08-16 | af_readability: add missing file | Andrew Dolgov | |
2019-08-15 | pluginhost: add helper methods to get private/public pluginmethod endpoint URLs | Andrew Dolgov | |
2019-08-15 | fix several leftover mentions of old (renamed) class name, duh | Andrew Dolgov | |
2019-08-15 | af_zz_imgproxy: rename to af_proxy_http, use priority hook loader | Andrew Dolgov | |
2019-08-14 | consistency: use DiskCache->exists() to check for present files | Andrew Dolgov | |
2019-08-14 | retire MIN_CACHE_FILE_SIZE | Andrew Dolgov | |
2019-08-14 | af_zz_imgproxy: redirect to cached_url (3!!) | Andrew Dolgov | |
2019-08-14 | af_zz_imgproxy: redirect to cached_url if cache already exists so that urls ↵ | Andrew Dolgov | |
are a bit shorter (2) | |||
2019-08-14 | af_zz_imgproxy: redirect to cached_url if cache already exists so that urls ↵ | Andrew Dolgov | |
are a bit shorter | |||
2019-08-14 | DiskCache: more strict checking for input filenames, getUrl() is no longer ↵ | Andrew Dolgov | |
static | |||
2019-08-13 | * HOOK_ENCLOSURE_ENTRY: pass article_id to handler | Andrew Dolgov | |
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send() * public/cached_url: allow selecting files from sub-caches other than images * plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc | |||
2019-08-13 | add DiskCache.send; switch af_zz_imgproxy to use DiskCache | Andrew Dolgov | |